--- title: Workers Changelog image: https://developers.cloudflare.com/cf-twitter-card.png --- [Skip to content](#%5Ftop) # Changelog New updates and improvements at Cloudflare. [ Subscribe to RSS ](https://developers.cloudflare.com/changelog/rss/index.xml) [ View RSS feeds ](https://developers.cloudflare.com/fundamentals/new-features/available-rss-feeds/) Workers ![hero image](https://developers.cloudflare.com/_astro/hero.CVYJHPAd_26AMqX.svg) Dec 04, 2025 1. ### [One-click Access protection for Workers now creates reusable Cloudflare Access policies](https://developers.cloudflare.com/changelog/post/2025-12-03-reusable-access-policies/) [ Workers ](https://developers.cloudflare.com/workers/) Workers applications now use reusable [Cloudflare Access policies](https://developers.cloudflare.com/cloudflare-one/access-controls/policies/) to reduce duplication and simplify access management across multiple Workers. Previously, enabling Cloudflare Access on a Worker created per-application policies, unique to each application. Now, we create reusable policies that can be shared across applications: * **Preview URLs**: All Workers preview URLs share a single "Cloudflare Workers Preview URLs" policy across your account. This policy is automatically created the first time you enable Access on any preview URL. By sharing a single policy across all preview URLs, you can configure access rules once and have them apply company-wide to all Workers which protect preview URLs. This makes it much easier to manage who can access preview environments without having to update individual policies for each Worker. * **Production workers.dev URLs**: When enabled, each Worker gets its own reusable policy (named ` - Production`) by default. We recognize production services often have different access requirements and having individual policies here makes it easier to configure service-to-service authentication or protect internal dashboards or applications with specific user groups. Keeping these policies separate gives you the flexibility to configure exactly the right access rules for each production service. When you disable Access on a production Worker, the associated policy is automatically cleaned up if it's not being used by other applications. This change reduces policy duplication, simplifies cross-company access management for preview environments, and provides the flexibility needed for production services. You can still customize access rules by editing the reusable policies in the Zero Trust dashboard. To enable Cloudflare Access on your Worker: 1. In the Cloudflare dashboard, go to **Workers & Pages**. 2. Select your Worker. 3. Go to **Settings** \> **Domains & Routes**. 4. For `workers.dev` or Preview URLs, click **Enable Cloudflare Access**. 5. Optionally, click **Manage Cloudflare Access** to customize the policy. For more information on configuring Cloudflare Access for Workers, refer to the [Workers Access documentation](https://developers.cloudflare.com/workers/configuration/routing/workers-dev/#manage-access-to-workersdev). Nov 26, 2025 1. ### [Agents SDK v0.2.24 with resumable streaming, MCP improvements, and schedule fixes](https://developers.cloudflare.com/changelog/post/2025-11-26-agents-resumable-streaming/) [ Agents ](https://developers.cloudflare.com/agents/)[ Workers ](https://developers.cloudflare.com/workers/) The latest release of [@cloudflare/agents ↗](https://github.com/cloudflare/agents) brings resumable streaming, significant MCP client improvements, and critical fixes for schedules and Durable Object lifecycle management. #### Resumable streaming `AIChatAgent` now supports resumable streaming, allowing clients to reconnect and continue receiving streamed responses without losing data. This is useful for: * Long-running AI responses * Users on unreliable networks * Users switching between devices mid-conversation * Background tasks where users navigate away and return * Real-time collaboration where multiple clients need to stay in sync Streams are maintained across page refreshes, broken connections, and syncing across open tabs and devices. #### Other improvements * Default JSON schema validator added to MCP client * [Schedules ↗](https://developers.cloudflare.com/agents/api-reference/schedule-tasks/) can now safely destroy the agent #### MCP client API improvements The `MCPClientManager` API has been redesigned for better clarity and control: * **New `registerServer()` method**: Register MCP servers without immediately connecting * **New `connectToServer()` method**: Establish connections to registered servers * **Improved reconnect logic**: `restoreConnectionsFromStorage()` now properly handles failed connections TypeScript ``` // Register a server to Agent const { id } = await this.mcp.registerServer({ name: "my-server", url: "https://my-mcp-server.example.com", }); // Connect when ready await this.mcp.connectToServer(id); // Discover tools, prompts and resources await this.mcp.discoverIfConnected(id); ``` The SDK now includes a formalized `MCPConnectionState` enum with states: `idle`, `connecting`, `authenticating`, `connected`, `discovering`, and `ready`. #### Enhanced MCP discovery MCP discovery fetches the available tools, prompts, and resources from an MCP server so your agent knows what capabilities are available. The `MCPClientConnection` class now includes a dedicated `discover()` method with improved reliability: * Supports cancellation via AbortController * Configurable timeout (default 15s) * Discovery failures now throw errors immediately instead of silently continuing #### Bug fixes * Fixed a bug where [schedules ↗](https://developers.cloudflare.com/agents/api-reference/schedule-tasks/) meant to fire immediately with this.schedule(0, ...) or `this.schedule(new Date(), ...)` would not fire * Fixed an issue where schedules that took longer than 30 seconds would occasionally time out * Fixed SSE transport now properly forwards session IDs and request headers * Fixed AI SDK stream events convertion to UIMessageStreamPart #### Upgrade To update to the latest version: Terminal window ``` npm i agents@latest ``` Nov 21, 2025 1. ### [Environment variable limits increase for Workers Builds](https://developers.cloudflare.com/changelog/post/2025-11-21-builds-env-var-increase/) [ Workers ](https://developers.cloudflare.com/workers/) [Workers Builds](https://developers.cloudflare.com/workers/ci-cd/builds/) now supports up to 64 environment variables, and each environment variable can be up to 5 KB in size. The previous limit was 5 KB total across all environment variables. This change enables better support for complex build configurations, larger application settings, and more flexible CI/CD workflows. For more details, refer to the [build limits documentation](https://developers.cloudflare.com/workers/ci-cd/builds/limits-and-pricing/#definitions). Nov 21, 2025 1. ### [Better local deployment flow for Cloudflare Workers](https://developers.cloudflare.com/changelog/post/2025-11-21-wrangler-deploy-remote-config-management/) [ Workers ](https://developers.cloudflare.com/workers/) Until now, if a Worker had been previously deployed via the [Cloudflare Dashboard ↗](https://dash.cloudflare.com), a subsequent deployment done via the Cloudflare Workers CLI, [**Wrangler**](https://developers.cloudflare.com/workers/wrangler/)(through the [deploy command](https://developers.cloudflare.com/workers/wrangler/commands/general/#deploy)), would allow the user to override the Worker's dashboard settings without providing details on what dashboard settings would be lost. Now instead, `wrangler deploy` presents a helpful representation of the differences between the [local configuration](https://developers.cloudflare.com/workers/wrangler/configuration/)and the remote dashboard settings, and offers to update your local configuration file for you. See example below showing a before and after for `wrangler deploy` when a local configuration is expected to override a Worker's dashboard settings: Before ![wrangler deploy run before the improved workflow](https://developers.cloudflare.com/_astro/before.Bz-MOePT_1kuOLk.webp) After ![wrangler deploy run after the improved workflow](https://developers.cloudflare.com/_astro/after.BrkkBaRL_1Mg50Q.webp) Also, if instead Wrangler detects that a deployment would override remote dashboard settings but in an additive way, without modifying or removing any of them, it will simply proceed with the deployment without requesting any user interaction. Update to [Wrangler](https://developers.cloudflare.com/workers/wrangler/) v4.50.0 or greater to take advantage of this improved deploy flow. Nov 12, 2025 1. ### [More SQL aggregate, date and time functions available in Workers Analytics Engine](https://developers.cloudflare.com/changelog/post/2025-11-12-analytics-engine-further-sql-enhancements/) [ Workers Analytics Engine ](https://developers.cloudflare.com/analytics/analytics-engine/)[ Workers ](https://developers.cloudflare.com/workers/) You can now perform more powerful queries directly in [Workers Analytics Engine ↗](https://developers.cloudflare.com/analytics/analytics-engine/) with a major expansion of our SQL function library. Workers Analytics Engine allows you to ingest and store high-cardinality data at scale (such as custom analytics) and query your data through a simple SQL API. Today, we've expanded Workers Analytics Engine's SQL capabilities with several new functions: [**New aggregate functions:** ↗](https://developers.cloudflare.com/analytics/analytics-engine/sql-reference/aggregate-functions/) * `countIf()` \- count the number of rows which satisfy a provided condition * `sumIf()` \- calculate a sum from rows which satisfy a provided condition * `avgIf()` \- calculate an average from rows which satisfy a provided condition [**New date and time functions:** ↗](https://developers.cloudflare.com/analytics/analytics-engine/sql-reference/date-time-functions/) * `toYear()` * `toMonth()` * `toDayOfMonth()` * `toDayOfWeek()` * `toHour()` * `toMinute()` * `toSecond()` * `toStartOfYear()` * `toStartOfMonth()` * `toStartOfWeek()` * `toStartOfDay()` * `toStartOfHour()` * `toStartOfFifteenMinutes()` * `toStartOfTenMinutes()` * `toStartOfFiveMinutes()` * `toStartOfMinute()` * `today()` * `toYYYYMM()` #### Ready to get started? Whether you're building usage-based billing systems, customer analytics dashboards, or other custom analytics, these functions let you get the most out of your data. [Get started ](https://developers.cloudflare.com/analytics/analytics-engine/get-started/) with Workers Analytics Engine and explore all available functions in our [SQL reference documentation](https://developers.cloudflare.com/analytics/analytics-engine/sql-reference/). Nov 09, 2025 1. ### [Select Wrangler environments using the CLOUDFLARE\_ENV environment variable](https://developers.cloudflare.com/changelog/post/2025-11-09-cloudflare-env-variable/) [ Workers ](https://developers.cloudflare.com/workers/) Wrangler now supports using the `CLOUDFLARE_ENV` [environment variable](https://developers.cloudflare.com/workers/wrangler/system-environment-variables/#supported-environment-variables) to select the active [environment](https://developers.cloudflare.com/workers/wrangler/environments/) for your Worker commands. This provides a more flexible way to manage environments, especially when working with build tools and CI/CD pipelines. #### What's new **Environment selection via environment variable:** * Set `CLOUDFLARE_ENV` to specify which environment to use for Wrangler commands * Works with all Wrangler commands that support the `--env` flag * The `--env` command line argument takes precedence over the `CLOUDFLARE_ENV` environment variable #### Example usage Terminal window ``` # Deploy to the production environment using CLOUDFLARE_ENV CLOUDFLARE_ENV=production wrangler deploy # Upload a version to the staging environment CLOUDFLARE_ENV=staging wrangler versions upload # The --env flag takes precedence over CLOUDFLARE_ENV CLOUDFLARE_ENV=dev wrangler deploy --env production # This will deploy to production, not dev ``` #### Use with build tools The `CLOUDFLARE_ENV` environment variable is particularly useful when working with build tools like Vite. You can set the environment once during the build process, and it will be used for both building and deploying your Worker: Terminal window ``` # Set the environment for both build and deploy CLOUDFLARE_ENV=production npm run build & wrangler deploy ``` When using `@cloudflare/vite-plugin`, the build process generates a ["redirected deploy config"](https://developers.cloudflare.com/workers/wrangler/configuration/#generated-wrangler-configuration) that is flattened to only contain the active environment. Wrangler will validate that the environment specified matches the environment used during the build to prevent accidentally deploying a Worker built for one environment to a different environment. #### Learn more * [System environment variables](https://developers.cloudflare.com/workers/wrangler/system-environment-variables/) * [Environments](https://developers.cloudflare.com/workers/wrangler/environments/) Nov 07, 2025 1. ### [Workers automatic tracing, now in open beta](https://developers.cloudflare.com/changelog/post/2025-11-07-automatic-tracing/) [ Workers ](https://developers.cloudflare.com/workers/) Enable automatic tracing on your Workers, giving you detailed metadata and timing information for every operation your Worker performs. ![Tracing example](https://developers.cloudflare.com/_astro/R2_Screenshot.DAnOidMq_Z15kdUk.webp) Tracing helps you identify performance bottlenecks, resolve errors, and understand how your Worker interacts with other services on the Workers platform. You can now answer questions like: * Which calls are slowing down my application? * Which queries to my database take the longest? * What happened within a request that resulted in an error? **You can now:** * View traces alongside your logs in the Workers Observability dashboard * Export traces (and correlated logs) to any [OTLP-compatible destination ↗](https://opentelemetry.io/docs/specs/otel/protocol/), such as [Honeycomb](https://developers.cloudflare.com/workers/observability/exporting-opentelemetry-data/honeycomb/), [Sentry](https://developers.cloudflare.com/workers/observability/exporting-opentelemetry-data/sentry/) or [Grafana](https://developers.cloudflare.com/workers/observability/exporting-opentelemetry-data/grafana-cloud/), by configuring a tracing destination in the [Cloudflare dashboard ↗](https://dash.cloudflare.com/?to=/:account/workers-and-pages/observability/destinations) * Analyze and query across span attributes (operation type, status, duration, errors) #### To get started, set: JSONC ``` { "observability": { "tracing": { "enabled": true, }, }, } ``` Note In the future, Cloudflare plans to enable automatic tracing in addition to logs when you set `observability.enabled = true` in your Wrangler configuration. While automatic tracing is in early beta, this setting will not enable tracing by default, and will only enable logs. An updated [compatibility\_date](https://developers.cloudflare.com/workers/configuration/compatibility-dates/) will be required for this change to take effect. #### Want to learn more? * [Read the announcement ↗](https://blog.cloudflare.com/workers-tracing-now-in-open-beta/) * [Check out the documentation](https://developers.cloudflare.com/workers/observability/traces/) Nov 05, 2025 1. ### [D1 can restrict data localization with jurisdictions](https://developers.cloudflare.com/changelog/post/2025-11-05-d1-jurisdiction/) [ D1 ](https://developers.cloudflare.com/d1/)[ Workers ](https://developers.cloudflare.com/workers/) You can now set a [jurisdiction](https://developers.cloudflare.com/d1/configuration/data-location/) when creating a D1 database to guarantee where your database runs and stores data. Jurisdictions can help you comply with data localization regulations such as GDPR. Supported jurisdictions include `eu` and `fedramp`. A jurisdiction can only be set at database creation time via wrangler, REST API or the UI and cannot be added/updated after the database already exists. Terminal window ``` npx wrangler@latest d1 create db-with-jurisdiction --jurisdiction eu ``` ``` curl -X POST "https://api.cloudflare.com/client/v4/accounts//d1/database" \ -H "Authorization: Bearer $TOKEN" \ -H "Content-Type: application/json" \ --data '{"name": "db-wth-jurisdiction", "jurisdiction": "eu" }' ``` To learn more, visit D1's data location [documentation](https://developers.cloudflare.com/d1/configuration/data-location/). Nov 03, 2025 1. ### [Capture Wrangler command output in structured format](https://developers.cloudflare.com/changelog/post/2025-11-03-wrangler-output-file/) [ Workers ](https://developers.cloudflare.com/workers/) You can now capture Wrangler command output in a structured [ND-JSON ↗](https://github.com/ndjson/ndjson-spec) format by setting the [WRANGLER\_OUTPUT\_FILE\_PATH](https://developers.cloudflare.com/workers/wrangler/system-environment-variables/#supported-environment-variables) or [WRANGLER\_OUTPUT\_FILE\_DIRECTORY](https://developers.cloudflare.com/workers/wrangler/system-environment-variables/#supported-environment-variables) environment variables. This feature is particularly useful for CI/CD pipelines and automation tools that need programmatic access to deployment information such as worker names, version IDs, deployment URLs, and error details. Commands that support this feature include [wrangler deploy](https://developers.cloudflare.com/workers/wrangler/commands/#deploy), [wrangler versions upload](https://developers.cloudflare.com/workers/wrangler/commands/#versions), [wrangler versions deploy](https://developers.cloudflare.com/workers/wrangler/commands/#versions), and [wrangler pages deploy](https://developers.cloudflare.com/workers/wrangler/commands/#deploy-1). Oct 31, 2025 1. ### [Workers WebSocket message size limit increased from 1 MiB to 32 MiB](https://developers.cloudflare.com/changelog/post/2025-10-31-increased-websocket-message-size-limit/) [ Workers ](https://developers.cloudflare.com/workers/)[ Durable Objects ](https://developers.cloudflare.com/durable-objects/)[ Browser Rendering ](https://developers.cloudflare.com/browser-rendering/) Workers, including those using [Durable Objects](https://developers.cloudflare.com/durable-objects/) and [Browser Rendering](https://developers.cloudflare.com/browser-rendering/workers-bindings/), may now process WebSocket messages up to 32 MiB in size. Previously, this limit was 1 MiB. This change allows Workers to handle use cases requiring large message sizes, such as processing Chrome Devtools Protocol messages. For more information, please see the [Durable Objects startup limits](https://developers.cloudflare.com/durable-objects/platform/limits/#sqlite-backed-durable-objects-general-limits). Oct 31, 2025 1. ### [Increased Workflows instance and concurrency limits](https://developers.cloudflare.com/changelog/post/2025-10-28-raising-limits/) [ Workflows ](https://developers.cloudflare.com/workflows/)[ Workers ](https://developers.cloudflare.com/workers/) We've raised the [Cloudflare Workflows](https://developers.cloudflare.com/workflows/) account-level limits for all accounts on the [Workers paid plan](https://developers.cloudflare.com/workers/platform/pricing/): * **Instance creation rate** increased from 100 workflow instances per 10 seconds to 100 instances per second * **Concurrency limit** increased from 4,500 to 10,000 workflow instances per account These increases mean you can create new instances up to 10x faster, and have more workflow instances concurrently executing. To learn more and get started with Workflows, refer to [the getting started guide](https://developers.cloudflare.com/workflows/get-started/guide/). If your application requires a higher limit, fill out the [Limit Increase Request Form](https://developers.cloudflare.com/workers/platform/limits/) or contact your account team. Please refer to [Workflows pricing](https://developers.cloudflare.com/workflows/reference/pricing/) for more information. Oct 30, 2025 1. ### [Access Workers preview URLs from the Build details page](https://developers.cloudflare.com/changelog/post/2025-10-30-builds-preview/) [ Workers ](https://developers.cloudflare.com/workers/) You can now access [preview URLs](https://developers.cloudflare.com/workers/configuration/previews/) directly from the build details page, making it easier to test your changes when reviewing builds in the dashboard. ![preview button](https://developers.cloudflare.com/_astro/builds-preview-button.CjGnhkt7_kOMMe.webp) **What's new** * A **Preview** button now appears in the top-right corner of the build details page for successful builds * Click it to instantly open the latest preview URL * Matches the same experience you're familiar with from Pages Oct 24, 2025 1. ### [Automatic resource provisioning for KV, R2, and D1](https://developers.cloudflare.com/changelog/post/2025-10-24-automatic-resource-provisioning/) [ Workers ](https://developers.cloudflare.com/workers/) Previously, if you wanted to develop or deploy a worker with attached resources, you'd have to first manually create the desired resources. Now, if your Wrangler configuration file includes a KV namespace, D1 database, or R2 bucket that does not yet exist on your account, you can develop locally and deploy your application seamlessly, without having to run additional commands. Automatic provisioning is launching as an open beta, and we'd love to hear your feedback to help us make improvements! It currently works for KV, R2, and D1 bindings. You can disable the feature using the `--no-x-provision` flag. To use this feature, update to wrangler@4.45.0 and add bindings to your config file _without_ resource IDs e.g.: JSONC ``` { "kv_namespaces": [{ "binding": "MY_KV" }], "d1_databases": [{ "binding": "MY_DB" }], "r2_buckets": [{ "binding": "MY_R2" }], } ``` `wrangler dev` will then automatically create these resources for you locally, and on your next run of `wrangler deploy`, Wrangler will call the Cloudflare API to create the requested resources and link them to your Worker. Though resource IDs will be automatically written back to your Wrangler config file after resource creation, resources will stay linked across future deploys even without adding the resource IDs to the config file. This is especially useful for shared templates, which now no longer need to include account-specific resource IDs when adding a binding. Oct 24, 2025 1. ### [Build TanStack Start apps with the Cloudflare Vite plugin](https://developers.cloudflare.com/changelog/post/2025-10-24-tanstack-start/) [ Workers ](https://developers.cloudflare.com/workers/) The [Cloudflare Vite plugin](https://developers.cloudflare.com/workers/vite-plugin/) now supports [TanStack Start ↗](https://tanstack.com/start/) apps. Get started with new or existing projects. #### New projects Create a new TanStack Start project that uses the Cloudflare Vite plugin via the `create-cloudflare` CLI: npm yarn pnpm ``` npm create cloudflare@latest -- my-tanstack-start-app --framework=tanstack-start ``` ``` yarn create cloudflare my-tanstack-start-app --framework=tanstack-start ``` ``` pnpm create cloudflare@latest my-tanstack-start-app --framework=tanstack-start ``` #### Existing projects Migrate an existing TanStack Start project to use the Cloudflare Vite plugin: 1. Install `@cloudflare/vite-plugin` and `wrangler` npm yarn pnpm bun ``` npm i -D @cloudflare/vite-plugin wrangler ``` ``` yarn add -D @cloudflare/vite-plugin wrangler ``` ``` pnpm add -D @cloudflare/vite-plugin wrangler ``` ``` bun add -d @cloudflare/vite-plugin wrangler ``` 1. Add the Cloudflare plugin to your Vite config vite.config.ts ``` import { defineConfig } from "vite"; import { tanstackStart } from "@tanstack/react-start/plugin/vite"; import viteReact from "@vitejs/plugin-react"; import { cloudflare } from "@cloudflare/vite-plugin"; export default defineConfig({ plugins: [ cloudflare({ viteEnvironment: { name: "ssr" } }), tanstackStart(), viteReact(), ], }); ``` 1. Add your Worker config file * [ wrangler.jsonc ](#tab-panel-258) * [ wrangler.toml ](#tab-panel-259) JSONC ``` { "$schema": "./node_modules/wrangler/config-schema.json", "name": "my-tanstack-start-app", // Set this to today's date "compatibility_date": "2026-04-04", "compatibility_flags": [ "nodejs_compat" ], "main": "@tanstack/react-start/server-entry" } ``` TOML ``` "$schema" = "./node_modules/wrangler/config-schema.json" name = "my-tanstack-start-app" # Set this to today's date compatibility_date = "2026-04-04" compatibility_flags = [ "nodejs_compat" ] main = "@tanstack/react-start/server-entry" ``` 1. Modify the scripts in your `package.json` package.json ``` { "scripts": { "dev": "vite dev", "build": "vite build && tsc --noEmit", "start": "node .output/server/index.mjs", "preview": "vite preview", "deploy": "npm run build && wrangler deploy", "cf-typegen": "wrangler types" } } ``` See the [TanStack Start framework guide](https://developers.cloudflare.com/workers/framework-guides/web-apps/tanstack-start/) for more info. Oct 23, 2025 1. ### [Workers Preview URL default behavior now matches your workers.dev setting](https://developers.cloudflare.com/changelog/post/2025-10-23-preview-url-default-behavior/) [ Workers ](https://developers.cloudflare.com/workers/) We have updated the default behavior for Cloudflare Workers [Preview URLs](https://developers.cloudflare.com/workers/configuration/previews/). **Going forward, if a preview URL setting is not [explicitly configured](https://developers.cloudflare.com/workers/configuration/previews/#toggle-preview-urls-enable-or-disable) during deployment, its default behavior will automatically match the setting of your [workers.dev subdomain](https://developers.cloudflare.com/workers/configuration/routing/workers-dev/).** This change is intended to provide a more intuitive and secure experience by aligning your preview URL's default state with your `workers.dev` configuration to prevent cases where a preview URL might remain public even after you disabled your `workers.dev` route. **What this means for you:** * **If neither setting is configured:** both the workers.dev route and the preview URL will default to enabled * **If your workers.dev route is enabled and you do not explicitly set Preview URLs to enabled or disabled:** Preview URLs will default to enabled * **If your workers.dev route is disabled and you do not explicitly set Preview URLs to enabled or disabled:** Preview URLs will default to disabled You can override the default setting by explicitly enabling or disabling the preview URL in your Worker's configuration through the [API](https://developers.cloudflare.com/api/resources/workers/subresources/scripts/subresources/subdomain/), [Dashboard](https://developers.cloudflare.com/workers/configuration/previews/#from-the-dashboard), or [Wrangler](https://developers.cloudflare.com/workers/configuration/previews/#from-the-wrangler-configuration-file). **Wrangler Version Behavior** The default behavior depends on the version of Wrangler you are using. This new logic applies to the latest version. Here is a summary of the behavior across different versions: * **Before v4.34.0:** Preview URLs defaulted to enabled, regardless of the workers.dev setting. * **v4.34.0 up to (but not including) v4.44.0:** Preview URLs defaulted to disabled, regardless of the workers.dev setting. * **v4.44.0 or later:** Preview URLs now default to matching your workers.dev setting. **Why we’re making this change** In July, [we introduced preview URLs to Workers](https://developers.cloudflare.com/changelog/2025-07-23-workers-preview-urls/), which let you preview code changes before deploying to production. This made disabling your Worker’s workers.dev URL an ambiguous action — the preview URL, served as a subdomain of `workers.dev` (ex: `preview-id-worker-name.account-name.workers.dev`) would still be live even if you had disabled your Worker’s `workers.dev` route. If you misinterpreted what it meant to disable your `workers.dev` route, you might unintentionally leave preview URLs enabled when you didn’t mean to, and expose them to the public Internet. To address this, we made a [one-time update](https://developers.cloudflare.com/changelog/2025-09-17-update-preview-url-setting/) to disable preview URLs on existing Workers that had their workers.dev route disabled and changed the default behavior to be disabled for all new deployments where a preview URL setting was not explicitly configured. While this change helped secure many customers, it was disruptive for customers who keep their `workers.dev` route enabled and actively use the preview functionality, as it now required them to explicitly enable preview URLs on every redeployment.This new, more intuitive behavior ensures that your preview URL settings align with your `workers.dev` configuration by default, providing a more secure and predictable experience. **Securing access to `workers.dev` and preview URL endpoints** To further secure your `workers.dev` subdomain and preview URL, you can [enable Cloudflare Access with a single click](https://developers.cloudflare.com/changelog/2025-10-03-one-click-access-for-workers/) in your Worker's settings to limit access to specific users or groups. Oct 16, 2025 1. ### [View and edit Durable Object data in UI with Data Studio (Beta)](https://developers.cloudflare.com/changelog/post/2025-10-16-durable-objects-data-studio/) [ Durable Objects ](https://developers.cloudflare.com/durable-objects/)[ Workers ](https://developers.cloudflare.com/workers/) ![Screenshot of Durable Objects Data Studio](https://developers.cloudflare.com/_astro/do-data-studio.BfCcgtkq_Z4LLzm.webp) You can now view and write to each Durable Object's storage using a UI editor on the Cloudflare dashboard. Only Durable Objects using [SQLite storage](https://developers.cloudflare.com/durable-objects/best-practices/access-durable-objects-storage/#create-sqlite-backed-durable-object-class) can use Data Studio. [ Go to **Durable Objects** ](https://dash.cloudflare.com/?to=/:account/workers/durable-objects) Data Studio unlocks easier data access with Durable Objects for prototyping application data models to debugging production storage usage. Before, querying your Durable Objects data required deploying a Worker. To access a Durable Object, you can provide an object's unique name or ID generated by Cloudflare. Data Studio requires you to have at least the `Workers Platform Admin` role, and all queries are captured with audit logging for your security and compliance needs. Queries executed by Data Studio send requests to your remote, deployed objects and incur normal usage billing. To learn more, visit the Data Studio [documentation](https://developers.cloudflare.com/durable-objects/observability/data-studio/). If you have feedback or suggestions for the new Data Studio, please share your experience on [Discord ↗](https://discord.com/channels/595317990191398933/773219443911819284) Oct 10, 2025 1. ### [Worker startup time limit increased to 1 second](https://developers.cloudflare.com/changelog/post/2025-10-10-increased-startup-time/) [ Workers ](https://developers.cloudflare.com/workers/) You can now upload a Worker that takes up 1 second to parse and execute its global scope. Previously, startup time was limited to 400 ms. This allows you to run Workers that import more complex packages and execute more code prior to requests being handled. For more information, see the documentation on [Workers startup limits](https://developers.cloudflare.com/workers/platform/limits/#worker-startup-time). Oct 09, 2025 1. ### [You can now deploy full-stack apps on Workers using Terraform](https://developers.cloudflare.com/changelog/post/2025-10-09-assets-terraform/) [ Workers ](https://developers.cloudflare.com/workers/) You can now upload Workers with [static assets](https://developers.cloudflare.com/workers/static-assets/) (like HTML, CSS, JavaScript, images) with the [Cloudflare Terraform provider v5.11.0 ↗](https://registry.terraform.io/providers/cloudflare/cloudflare/5.11.0/docs), making it even easier to deploy and manage full-stack apps with IaC. **Previously**, you couldn't use Terraform to upload static assets without writing custom scripts to handle generating an [asset manifest](https://developers.cloudflare.com/workers/static-assets/direct-upload/#upload-manifest), calling the [Cloudflare API to upload assets in chunks](https://developers.cloudflare.com/workers/static-assets/direct-upload/#upload-static-assets), and handling change detection. **Now**, you simply define the directory where your assets are built, and we handle the rest. Check out the [examples](https://developers.cloudflare.com/changelog/#examples) for what this looks like in Terraform configuration. You can get started today with [the Cloudflare Terraform provider (v5.11.0) ↗](https://registry.terraform.io/providers/cloudflare/cloudflare/5.11.0/docs), using either the existing [cloudflare\_workers\_script resource ↗](https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs/resources/workers%5Fscript), or the beta [cloudflare\_worker\_version resource ↗](https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs/resources/worker%5Fversion). #### Examples #### With `cloudflare_workers_script` Here's how you can use the existing [cloudflare\_workers\_script ↗](https://registry.terraform.io/providers/cloudflare/cloudflare/5.11.0/docs/resources/workers%5Fscript) resource to upload your Worker code and assets in one shot. ``` resource "cloudflare_workers_script" "my_app" { account_id = var.account_id script_name = "my-app" content_file = "./dist/worker/index.js" content_sha256 = filesha256("./dist/worker/index.js") main_module = "index.js" # Just point to your assets directory - that's it! assets = { directory = "./dist/static" } } ``` #### With `cloudflare_worker`, `cloudflare_worker_version`, and `cloudflare_workers_deployment` And here's an example using the beta [cloudflare\_worker\_version ↗](https://registry.terraform.io/providers/cloudflare/cloudflare/5.11.0/docs/resources/worker%5Fversion) resource, alongside the [cloudflare\_worker ↗](https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs/resources/worker) and [cloudflare\_workers\_deployment ↗](https://registry.terraform.io/providers/cloudflare/cloudflare/5.11.0/docs/resources/workers%5Fdeployment) resources: ``` # This tracks the existence of your Worker, so that you # can upload code and assets separately from tracking Worker state. resource "cloudflare_worker" "my_app" { account_id = var.account_id name = "my-app" } resource "cloudflare_worker_version" "my_app_version" { account_id = var.account_id worker_id = cloudflare_worker.my_app.id # Just point to your assets directory - that's it! assets = { directory = "./dist/static" } modules = [{ name = "index.js" content_file = "./dist/worker/index.js" content_type = "application/javascript+module" }] } resource "cloudflare_workers_deployment" "my_app_deployment" { account_id = var.account_id script_name = cloudflare_worker.my_app.name strategy = "percentage" versions = [{ version_id = cloudflare_worker_version.my_app_version.id percentage = 100 }] } ``` #### What's changed Under the hood, the Cloudflare Terraform provider now handles the same logic that Wrangler uses for static asset uploads. This includes scanning your assets directory, computing hashes for each file, generating a manifest with file metadata, and calling the Cloudflare API to upload any missing files in chunks. We support large directories with parallel uploads and chunking, and when the asset manifest hash changes, we detect what's changed and trigger an upload for _only_ those changed files. #### Try it out * Get started with [the Cloudflare Terraform provider (v5.11.0) ↗](https://registry.terraform.io/providers/cloudflare/cloudflare/5.11.0/docs) * You can use either the existing [cloudflare\_workers\_script resource ↗](https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs/resources/workers%5Fscript) to upload your Worker code and assets in one resource. * Or you can use the new beta [cloudflare\_worker\_version resource ↗](https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs/resources/worker%5Fversion) (along with the [cloudflare\_worker ↗](https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs/resources/worker) and [cloudflare\_workers\_deployment ↗](https://registry.terraform.io/providers/cloudflare/cloudflare/5.11.0/docs/resources/workers%5Fdeployment)) resources to more granularly control the lifecycle of each Worker resource. Oct 09, 2025 1. ### [You can now deploy and manage Workflows in Terraform](https://developers.cloudflare.com/changelog/post/2025-10-09-workflows-terraform/) [ Workers ](https://developers.cloudflare.com/workers/) You can now create and manage [Workflows](https://developers.cloudflare.com/workflows/) using Terraform, now supported in the [Cloudflare Terraform provider v5.11.0 ↗](https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs/resources/workflow). Workflows allow you to build durable, multi-step applications -- without needing to worry about retrying failed tasks or managing infrastructure. Now, you can deploy and manage Workflows through Terraform using the new [cloudflare\_workflow resource ↗](https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs/resources/workflow): ``` resource "cloudflare_workflow" "my_workflow" { account_id = var.account_id workflow_name = "my-workflow" class_name = "MyWorkflow" script_name = "my-worker" } ``` #### Examples Here are full examples of how to configure `cloudflare_workflow` in Terraform, using the existing [cloudflare\_workers\_script resource ↗](https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs/resources/workers%5Fscript), and the beta [cloudflare\_worker\_version resource ↗](https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs/resources/worker%5Fversion). #### With `cloudflare_workflow` and `cloudflare_workers_script` ``` resource "cloudflare_workers_script" "workflow_worker" { account_id = var.cloudflare_account_id script_name = "my-workflow-worker" content_file = "${path.module}/../dist/worker/index.js" content_sha256 = filesha256("${path.module}/../dist/worker/index.js") main_module = "index.js" } resource "cloudflare_workflow" "workflow" { account_id = var.cloudflare_account_id workflow_name = "my-workflow" class_name = "MyWorkflow" script_name = cloudflare_workers_script.workflow_worker.script_name } ``` #### With `cloudflare_workflow`, and the new beta resources You can more granularly control the lifecycle of each Worker resource using the beta [cloudflare\_worker\_version ↗](https://registry.terraform.io/providers/cloudflare/cloudflare/5.11.0/docs/resources/worker%5Fversion) resource, alongside the [cloudflare\_worker ↗](https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs/resources/worker) and [cloudflare\_workers\_deployment ↗](https://registry.terraform.io/providers/cloudflare/cloudflare/5.11.0/docs/resources/workers%5Fdeployment) resources. ``` resource "cloudflare_worker" "workflow_worker" { account_id = var.cloudflare_account_id name = "my-workflow-worker" } resource "cloudflare_worker_version" "workflow_worker_version" { account_id = var.cloudflare_account_id worker_id = cloudflare_worker.workflow_worker.id main_module = "index.js" modules = [{ name = "index.js" content_file = "${path.module}/../dist/worker/index.js" content_type = "application/javascript+module" }] } resource "cloudflare_workers_deployment" "workflow_deployment" { account_id = var.cloudflare_account_id script_name = cloudflare_worker.workflow_worker.name strategy = "percentage" versions = [{ version_id = cloudflare_worker_version.workflow_worker_version.id percentage = 100 }] } resource "cloudflare_workflow" "my_workflow" { account_id = var.cloudflare_account_id workflow_name = "my-workflow" class_name = "MyWorkflow" script_name = cloudflare_worker.workflow_worker.name } ``` #### Try it out * Get started with [the Cloudflare Terraform provider (v5.11.0) ↗](https://registry.terraform.io/providers/cloudflare/cloudflare/5.11.0/docs) and the new [cloudflare\_workflow resource ↗](https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs/resources/workflow). Oct 07, 2025 1. ### [New Overview Page for Cloudflare Workers](https://developers.cloudflare.com/changelog/post/2025-10-06-new-worker-overview-page/) [ Workers ](https://developers.cloudflare.com/workers/) ![Screenshot of the Workers overview page in the Cloudflare dashboard](https://developers.cloudflare.com/_astro/workers-overview.BM_exs4R_IaSn9.webp) Each of your Workers now has a new overview page in the Cloudflare dashboard. The goal is to make it easier to understand your Worker without digging through multiple tabs. Think of it as a new home base, a place to get a high-level overview on what's going on. It's the first place you land when you open a Worker in the dashboard, and it gives you an immediate view of what’s going on. You can see requests, errors, and CPU time at a glance. You can view and add bindings, and see recent versions of your app, including who published them. Navigation is also simpler, with visually distinct tabs at the top of the page. At the bottom right you'll find guided steps for what to do next that are based on the state of your Worker, such as adding a [binding](https://developers.cloudflare.com/workers/runtime-apis/bindings/) or connecting a custom domain. We plan to add more here over time. Better insights, more controls, and ways to manage your Worker from one page. If you have feedback or suggestions for the new Overview page or your Cloudflare Workers experience in general, we'd love to hear from you. Join the Cloudflare developer community on [Discord ↗](https://discord.com/channels/595317990191398933/1064502845061210152). Oct 03, 2025 1. ### [One-click Cloudflare Access for Workers](https://developers.cloudflare.com/changelog/post/2025-10-03-one-click-access-for-workers/) [ Workers ](https://developers.cloudflare.com/workers/) You can now enable [Cloudflare Access](https://developers.cloudflare.com/cloudflare-one/access-controls/policies/) for your [workers.dev](https://developers.cloudflare.com/workers/configuration/routing/workers-dev/) and [Preview URLs](https://developers.cloudflare.com/workers/configuration/previews/) in a single click. ![Screenshot of the Enable/Disable Cloudflare Access button on the workers.dev route settings page](https://developers.cloudflare.com/_astro/workers-access.DGGYThLx_1YsjKO.webp) Access allows you to limit access to your Workers to specific users or groups. You can limit access to yourself, your teammates, your organization, or anyone else you specify in your [Access policy](https://developers.cloudflare.com/cloudflare-one/access-controls/policies/). To enable Cloudflare Access: 1. In the Cloudflare dashboard, go to the **Workers & Pages** page. [ Go to **Workers & Pages** ](https://dash.cloudflare.com/?to=/:account/workers-and-pages) 2. In **Overview**, select your Worker. 3. Go to **Settings** \> **Domains & Routes**. 4. For `workers.dev` or Preview URLs, click **Enable Cloudflare Access**. 5. Optionally, to configure the Access application, click **Manage Cloudflare Access**. There, you can change the email addresses you want to authorize. View [Access policies](https://developers.cloudflare.com/cloudflare-one/access-controls/policies/#selectors) to learn about configuring alternate rules. To fully secure your application, it is important that you validate the JWT that Cloudflare Access adds to the `Cf-Access-Jwt-Assertion` header on the incoming request. The following code will validate the JWT using the [jose NPM package ↗](https://www.npmjs.com/package/jose): JavaScript ``` import { jwtVerify, createRemoteJWKSet } from "jose"; export default { async fetch(request, env, ctx) { // Verify the POLICY_AUD environment variable is set if (!env.POLICY_AUD) { return new Response("Missing required audience", { status: 403, headers: { "Content-Type": "text/plain" }, }); } // Get the JWT from the request headers const token = request.headers.get("cf-access-jwt-assertion"); // Check if token exists if (!token) { return new Response("Missing required CF Access JWT", { status: 403, headers: { "Content-Type": "text/plain" }, }); } try { // Create JWKS from your team domain const JWKS = createRemoteJWKSet( new URL(`${env.TEAM_DOMAIN}/cdn-cgi/access/certs`), ); // Verify the JWT const { payload } = await jwtVerify(token, JWKS, { issuer: env.TEAM_DOMAIN, audience: env.POLICY_AUD, }); // Token is valid, proceed with your application logic return new Response(`Hello ${payload.email || "authenticated user"}!`, { headers: { "Content-Type": "text/plain" }, }); } catch (error) { // Token verification failed return new Response(`Invalid token: ${error.message}`, { status: 403, headers: { "Content-Type": "text/plain" }, }); } }, }; ``` #### Required environment variables Add these [environment variables](https://developers.cloudflare.com/workers/configuration/environment-variables/) to your Worker: * `POLICY_AUD`: Your application's AUD tag * `TEAM_DOMAIN`: `https://.cloudflareaccess.com` Both of these appear in the modal that appears when you enable Cloudflare Access. You can set these variables by adding them to your Worker's [Wrangler configuration file](https://developers.cloudflare.com/workers/wrangler/configuration/), or via the Cloudflare dashboard under **Workers & Pages** \> **your-worker** \> **Settings** \> **Environment Variables**. Oct 02, 2025 1. ### [Workers Analytics Engine adds supports for new SQL functions](https://developers.cloudflare.com/changelog/post/2025-09-26-analytics-engine-sql-enhancements/) [ Workers Analytics Engine ](https://developers.cloudflare.com/analytics/analytics-engine/)[ Workers ](https://developers.cloudflare.com/workers/) You can now perform more powerful queries directly in [Workers Analytics Engine ↗](https://developers.cloudflare.com/analytics/analytics-engine/) with a major expansion of our SQL function library. Workers Analytics Engine allows you to ingest and store high-cardinality data at scale (such as custom analytics) and query your data through a simple SQL API. Today, we've expanded Workers Analytics Engine's SQL capabilities with several new functions: [**New aggregate functions:** ↗](https://developers.cloudflare.com/analytics/analytics-engine/sql-reference/aggregate-functions/) * `argMin()` \- Returns the value associated with the minimum in a group * `argMax()` \- Returns the value associated with the maximum in a group * `topK()` \- Returns an array of the most frequent values in a group * `topKWeighted()` \- Returns an array of the most frequent values in a group using weights * `first_value()` \- Returns the first value in an ordered set of values within a partition * `last_value()` \- Returns the last value in an ordered set of values within a partition [**New bit functions:** ↗](https://developers.cloudflare.com/analytics/analytics-engine/sql-reference/bit-functions/) * `bitAnd()` \- Returns the bitwise AND of two expressions * `bitCount()` \- Returns the number of bits set to one in the binary representation of a number * `bitHammingDistance()` \- Returns the number of bits that differ between two numbers * `bitNot()` \- Returns a number with all bits flipped * `bitOr()` \- Returns the inclusive bitwise OR of two expressions * `bitRotateLeft()` \- Rotates all bits in a number left by specified positions * `bitRotateRight()` \- Rotates all bits in a number right by specified positions * `bitShiftLeft()` \- Shifts all bits in a number left by specified positions * `bitShiftRight()` \- Shifts all bits in a number right by specified positions * `bitTest()` \- Returns the value of a specific bit in a number * `bitXor()` \- Returns the bitwise exclusive-or of two expressions [**New mathematical functions:** ↗](https://developers.cloudflare.com/analytics/analytics-engine/sql-reference/mathematical-functions/) * `abs()` \- Returns the absolute value of a number * `log()` \- Computes the natural logarithm of a number * `round()` \- Rounds a number to a specified number of decimal places * `ceil()` \- Rounds a number up to the nearest integer * `floor()` \- Rounds a number down to the nearest integer * `pow()` \- Returns a number raised to the power of another number [**New string functions:** ↗](https://developers.cloudflare.com/analytics/analytics-engine/sql-reference/string-functions/) * `lowerUTF8()` \- Converts a string to lowercase using UTF-8 encoding * `upperUTF8()` \- Converts a string to uppercase using UTF-8 encoding [**New encoding functions:** ↗](https://developers.cloudflare.com/analytics/analytics-engine/sql-reference/encoding-functions/) * `hex()` \- Converts a number to its hexadecimal representation * `bin()` \- Converts a string to its binary representation [**New type conversion functions:** ↗](https://developers.cloudflare.com/analytics/analytics-engine/sql-reference/type-conversion-functions/) * `toUInt8()` \- Converts any numeric expression, or expression resulting in a string representation of a decimal, into an unsigned 8 bit integer #### Ready to get started? Whether you're building usage-based billing systems, customer analytics dashboards, or other custom analytics, these functions let you get the most out of your data. [Get started ](https://developers.cloudflare.com/analytics/analytics-engine/get-started/) with Workers Analytics Engine and explore all available functions in our [SQL reference documentation](https://developers.cloudflare.com/analytics/analytics-engine/sql-reference/). Sep 26, 2025 1. ### [Automatic loopback bindings via ctx.exports](https://developers.cloudflare.com/changelog/post/2025-09-26-ctx-exports/) [ Workers ](https://developers.cloudflare.com/workers/) The [ctx.exports API](https://developers.cloudflare.com/workers/runtime-apis/context/#exports) contains automatically-configured bindings corresponding to your Worker's top-level exports. For each top-level export extending `WorkerEntrypoint`, `ctx.exports` will contain a [Service Binding](https://developers.cloudflare.com/workers/runtime-apis/bindings/service-bindings) by the same name, and for each export extending `DurableObject` (and for which storage has been configured via a [migration](https://developers.cloudflare.com/durable-objects/reference/durable-objects-migrations/)), `ctx.exports` will contain a [Durable Object namespace binding](https://developers.cloudflare.com/durable-objects/api/namespace/). This means you no longer have to configure these bindings explicitly in `wrangler.jsonc`/`wrangler.toml`. Example: JavaScript ``` import { WorkerEntrypoint } from "cloudflare:workers"; export class Greeter extends WorkerEntrypoint { greet(name) { return `Hello, ${name}!`; } } export default { async fetch(request, env, ctx) { let greeting = await ctx.exports.Greeter.greet("World") return new Response(greeting); } } ``` At present, you must use [the enable\_ctx\_exports compatibility flag](https://developers.cloudflare.com/workers/configuration/compatibility-flags#enable-ctxexports) to enable this API, though it will be on by default in the future. [See the API reference for more information.](https://developers.cloudflare.com/workers/runtime-apis/context/#exports) Sep 23, 2025 1. ### [Improved support for running multiple Workers with \`wrangler dev\`](https://developers.cloudflare.com/changelog/post/2025-09-23-wrangler-dev-multi-config-cross-command-support/) [ Workers ](https://developers.cloudflare.com/workers/) You can run multiple Workers in a single dev command by passing multiple config files to `wrangler dev`: Terminal window ``` wrangler dev --config ./web/wrangler.jsonc --config ./api/wrangler.jsonc ``` Previously, if you ran the command above and then also ran wrangler dev for a different Worker, the Workers running in separate wrangler dev sessions could not communicate with each other. This prevented you from being able to use [Service Bindings ↗](https://developers.cloudflare.com/workers/runtime-apis/bindings/service-bindings/) and [Tail Workers ↗](https://developers.cloudflare.com/workers/observability/logs/tail-workers/) in local development, when running separate wrangler dev sessions. Now, the following works as expected: Terminal window ``` # Terminal 1: Run your application that includes both Web and API workers wrangler dev --config ./web/wrangler.jsonc --config ./api/wrangler.jsonc # Terminal 2: Run your auth worker separately wrangler dev --config ./auth/wrangler.jsonc ``` These Workers can now communicate with each other across separate dev commands, regardless of your development setup. ./api/src/index.ts ``` export default { async fetch(request, env) { // This service binding call now works across dev commands const authorized = await env.AUTH.isAuthorized(request); if (!authorized) { return new Response('Unauthorized', { status: 401 }); } return new Response('Hello from API Worker!', { status: 200 }); }, }; ``` Check out the [Developing with multiple Workers](https://developers.cloudflare.com/workers/development-testing/multi-workers) guide to learn more about the different approaches and when to use each one. Sep 19, 2025 1. ### [Rate Limiting in Workers is now GA](https://developers.cloudflare.com/changelog/post/2025-09-19-ratelimit-workers-ga/) [ Workers ](https://developers.cloudflare.com/workers/) [Rate Limiting within Cloudflare Workers](https://developers.cloudflare.com/workers/runtime-apis/bindings/rate-limit/) is now Generally Available (GA). The `ratelimit` binding is now stable and recommended for all production workloads. Existing deployments using the unsafe binding will continue to function to allow for a smooth transition. For more details, refer to [Workers Rate Limiting](https://developers.cloudflare.com/workers/runtime-apis/bindings/rate-limit/) documentation. [Search all changelog entries](https://developers.cloudflare.com/search/?contentType=Changelog+entry)